← back
CVE-2022-50957

Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar_uploader.pages.inc to execute arbitrary JavaScript in victim browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
avatar_uploader · avatar_uploader
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50841unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.drupal.org/project/avatar_uploaderhttps://www.exploit-db.com/exploits/50841https://www.vulncheck.com/advisories/drupal-avatar-uploader-7-x-beta8-reflected-xss